TerminateProcess doesnt work for verified process id - c++

I am working on application that is supposed to kill a process with a given name.
Operating system I use is windows 7. The thing is that for all processes listed in task manager with a non-blank USER NAME field it works fine. However when a process has an empty username cannot be killed even by task manager.
Can anyone tell me why some processes has no user name. In my case it is csrss.exe winlogon.exe and unfortunately an old application I want to have killed. All other processes I examined has a proper username.
Is there any way to add a username to existing process ?
Can anybody recomend me better solution killing for killing application than
terminateProcess() ?

Those process cannot be terminated because you have no priviledges to do so. You would have to execute your application with elevated priviledges for it to work. There is no other way.

Related

How to kill my own process without killing same process of another user

Working Environment: Windows, C++
I am running xx.exe, and another user(user B) is running xx.exe at the same time. I want to kill my own xx.exe process programatically. When I used TIhelp32.h functions to kill xx.exe, it also kills user B's xx.exe too.
I do not have an admin's privileges. How can I kill my own process programatically?

Closing process from service without killing the processes

I am searching for a way to close a process running under any user by a windows service running under the system account. I've nearly tried everything but I could not find any solution except killing the process.
Why can't I kill the process?
I can't kill the process uses a tray icon. If I kill the process, the tray icon won't disappear.
What I've tried so far
I've already tried to use global eventhandles (did not work because the child process got extremely laggy).
I also tried to use PostMessage/SendMessage to communicate with the process. That solution did not work because a windows service can not interact with any user interfaces,...
I found another question (here on stackoverflow) which describes exactly my problem: Close a child process from a windows service.
This question does not contain a nice solution.
First of all I don't use C++ instead of C#. The next problem is, that the child process uses a mouse hook. So it has so run very fast without many overhead. Otherwise it would get laggy which would mean, that the mouse would lag on the whole system.
So is there really no simple solution to close a process from a windows service?
A service can use SetProcessWindowStation() and SetThreadDesktop() to attach to the interactive desktop of the target process before then sending messages to the target process.
Alternatively, the service can use CreateProcessAsUser() to run a new process in the same session as the target process, and then that process can send messages to the target process.

Invoking the application as system user(Windows)

We have a native GUI application which runs on a windows machine, and recently we have found out that the application terminates unexpectedly. After days I have found that this is happening because the application is run by explorer.exe and it gets killed unexpectedly, random somehow, so it causes termination of all child processes including our application.
Is there a way to invoke/call our app as system process (not with explorer.exe)?
Also assume that application/user has administrator access too.
Thanks in advance.
Killing explorer does not in general kill other processes. This is very easy to verify yourself by killing explorer from the task manager. Notice that other processes stay alive when you kill explorer. Something else is killing your process.
If killing explorer leads to your process dying, then the obvious explanation is that something in your process is leading to its death. In other words the problem is most likely in your code, and you need to work out what that problem is.
Also note that explorer isn't really a special "system process" as such. It's just a normal process that that runs under the logged on user's token.
You may need to give some hand of a OS services, then run the service as admin(run as system boot), then start he application from the service ,this will ensures you the app will started as admin and without the explorer.exe(as child)

how to start separate process under system account from a windows service?

I've read a lot of similar questions on SO but haven't found an answer
I need to run a separate process from a windows service in logged in user's session but under system account, thus user cannot terminate the process
I need this process to interact with desktop for supervising purposes.
the main goal is to prevent user to terminate the process.
If you run an interactive applications (having GUI or not), from currently logged in user account - the end user (having Admin rights) may terminate the process. You either need to keep it as SYSTEM service, or remove all DACL/ACL information from the process using SetKernelObjectSecurity.
actually there's much simpler way to achieve the same: to prevent process termination by user w/o special privileges (like admin rights)
after long digging I found acceptable answer here: Prevent user process from being killed with "End Process" from Process Explorer
works fine if you're logged in as a regular user, you cannot kill the process from Process Explorer. Admin still can kill it because has sufficient privileges. it's exactly what I needed

Windows 7 UAC elevation

I have a single thread that I'd like to run as an administrator in my application. The rest of the application I can happily run as the default user level (asInvoker). Is this possible? I notice there is an "ImpersonateLoggedOnUser" function. Can I somehow use this to log the administrator on and then get the thread to impersonate that person?
It seems as though this ought to be something pretty trivial to do ... but there doesn't appear to be any obvious way to do it. Can anyone help me out?
Edit: So if I have to fire off a seperate process is there any way I can CreateProcess a new process and have it launch from a specific entry point. I can, of course use command line processing to do it, but i'd really rather I could stop the user from entering the command line and starting an unclosable process!
No, elevation is per process, not thread.
If the rest of the application has to run non-elevated, you could run yourself elevated with some parameter (myapp.exe /uac "ipcparamhere") and use some sort of Inter-process communication to communicate back to the "main instance" of your app. (If the elevated process only performs a simple operation, you could probably check for success by using the exit code of the process)
This is not possible. You'll need to gain admin privileges by including a manifest in the app. Google "requireAdministrator" to find the manifest you'll need. Your user will probably quickly tire of doing this over and over again, your best bet is to spin-off the task that requires these privileges into a separate process. A service for example.
You can launch a separate exe and have a manifest on it saying it requires administrator. Then be sure to launch it with shell execute, which uses manifests, and you're all set. As a thoughtful touch, put a UAC shield on the button that kicks off that thread. (Send it a BCM_SETSHIELD message if you're doing this all by hand.)
You can decided whether you want a visible window or not on the separate process. Meanwhile the user can still drag and drop into the main app.